Forums
Dumps Discussion
CompTIA
CAS-004 V1
Which of the follow...
 
Notifications
Clear all

Which of the following response actions should the analyst take FIRST?

 
CAS-004 V1
Last Post by Mauro 1 year ago
1 Posts
1 Users
0 Likes
69 Views
RSS
 Mauro
(@monvillemauro)
Posts: 721
Noble Member
Topic starter
 

A security analyst notices a number of SIEM events that show the following activity:

Which of the following response actions should the analyst take FIRST?

  • A . Disable powershell.exe on all Microsoft Windows endpoints.
    B. Restart Microsoft Windows Defender.
    C. Configure the forward proxy to block 40.90.23.154.
    D. Disable local administrator privileges on the endpoints.

Show Answer Hide Answer

Suggested Answer: C

Explanation:

top the data exfiltration and sever all malicious traffic first, and then clean up the internal mess.
 
Posted : 21/01/2023 7:07 am
Topic Tags
CompTIA CASP+

Latest CAS-004 V1 Dumps Valid Version

Latest And Valid Q&A | Instant Download | Once Fail, Full Refund
Instant Download PDF
Forum Jump:
  Previous Topic
Next Topic  
Related Topics
Topic Tags:  CompTIA CASP+ (187) ,
Share: